Deployable applications include a mixture of executable code and optional data files. The executable code is derived from human readable source code and is usually generated in a non-human readable format (referred to herein as “executable machine code”). A “mixed-mode” application includes both executable machine code components suitable for direct execution by computer hardware and a combination of human-readable source code and (typically) non-human-readable pseudo-code suitable for indirect execution in conjunction with a virtual machine (e.g. Java bytecode, .NET MSIL code, MATLAB M-code, MATLAB P-code, etc). It should be specifically noted that the term “pseudo-code” is used herein to refer to code executable by a virtual machine rather than the alternative meaning of informally written program code. When mixed-mode applications contain human-readable source code, the source code is typically translated to pseudo-code before execution by the virtual machine. Although the executable machine code is generated in a non-human readable format, each executable machine code component is accessible through a well-defined interface which can be revealed through the use of commonly available tools. Other read only components of the deployed application may be similarly vulnerable. For example, data stored in industry-standard format is easily modified by a malicious entity.
Unfortunately, the fact that the executable machine code components are accessible through well-defined interfaces presents a security issue. Malicious entities may replace executable machine code components with other units using the same interfaces. One possible approach to this security vulnerability is to encrypt the executable machine code as part of the deployment of the mixed-mode application. However, the additional computational overhead associated with the encryption and decryption process for the machine executable code frequently represents an unacceptable reduction in application performance or increased security risk since an encrypted executable machine code component can't be loaded by the operating system until it is decrypted and that exposes it to attack. Although the source code and pseudo-code may also be accessed through interfaces, the access does not present the same security problem as does the access to the executable machine code since the pseudo-code runs in a virtual machine, and is free to have a format independent of the hardware-specific format required of “true” executable code, thus allowing it to be stored in an encrypted or otherwise secure form. Since the virtual machine which executes the pseudo-code has complete control over the process of loading and executing the source code and pseudo-code, there is no requirement that source code or pseudo-code be decrypted on disk before being loaded. Thus, entire source code and pseudo-code files or functions may be encrypted without the vulnerabilities associated with the encryption of executable machine code components. Furthermore, source code and pseudo-code files are often much smaller than executable machine code components, greatly reducing the computational effort required to encrypt and decrypt them. Note, however, that the techniques of this invention could equally well be applied to source code or pseudo-code files or functions, should such application produce computational benefits. Accordingly, because of these security issues with deploying native executable machine code components, it would be desirable to have a mechanism through which vendors of virtual machines can verify that the native executable machine code components in a mixed-mode application have not been tampered with by an outside entity and is in its original deployed condition prior to being executed in the virtual machine.